Our approach

  • Use software generated using a reproducible build architecture, so that the software state of the machine can be constantly compared with a secure reference (decentralized / hash chain). This lets us be sure the software has not been tampered with through the supply chain, and gives confidence that software integrity is intact.

    • The Reproducible Builds project is sufficiently mature to provide the basis of independently verifiable, auditable, trustable software stacks but, like many open source projects, heads toward that objective with uncertain speed and inadequate resources.

    • We propose overseeing an accelerated resolution of the Reproducible Builds project enabling:

      • Each machine’s software stack to be constantly compared to a reference hash, held in a secure, decentralized register, of the software it should have

      • Any difference between the anticipated and actual software stack to result in a positive outcome: a message to overseers, or a reduction or shutdown of machine function

      • Software state data to be written to the same secure, decentralized fields as the machine’s manufacture / supply origin data, enabling large-data approaches to correlate variances in machine performance or in precise software status with any variances in manufacture and supply.

  • Moving to approaches and CPU platforms that support, and head beyond, full system auditability toward an autonomous determination of code integrity.

    • To direct as much energy as possible toward threat or vulnerability detection and response, we propose to use community support as much as is feasible:

      • Using open source and other community efforts as appropriate

      • Use of IBM POWER9 or RISC-V physical architectures

      • Use of other open and / or auditable tools

    • The implementation of the CPU and the software stack must be tracked with unimpeachable data records.

  • Building partnerships with device designers and manufacturers who will support full auditing of all steps in manufacturing and logistics, and writing these to a secure ledger (decentralized / hash chain) that we would create.
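
The comparison described in the first point above, as an added example that is not Muinín's or the Reproducible Builds project's code: a machine's measured file hashes are checked against the newest entry of a hash-chained reference register, and the register itself is verified first. The in-memory list standing in for the decentralized register, the file names, the `CRITICAL` set and the notify/shutdown policy are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64
CRITICAL = {"boot/kernel"}  # assumption: a mismatch here stops the machine

def entry_hash(prev, manifest):
    """Hash of one register entry, binding it to the previous entry."""
    body = json.dumps({"prev": prev, "manifest": manifest}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append_release(chain, manifest):
    """Add a reference manifest (file name -> sha256 hex) to the register."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "manifest": manifest,
                  "hash": entry_hash(prev, manifest)})

def verify_chain(chain):
    """Recompute every link; any edited or reordered entry breaks the chain."""
    prev = GENESIS
    for e in chain:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["manifest"]):
            return False
        prev = e["hash"]
    return True

def measure(files):
    """Hash what is actually on the machine (file name -> bytes)."""
    return {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}

def check_machine(chain, files):
    """Return (action, differing file names) for the current software state."""
    if not chain or not verify_chain(chain):
        return "shutdown", ["reference register failed verification"]
    expected, actual = chain[-1]["manifest"], measure(files)
    # Changed, missing and unexpected files all count as differences.
    diffs = sorted(n for n in expected.keys() | actual.keys()
                   if expected.get(n) != actual.get(n))
    if not diffs:
        return "ok", []
    return ("shutdown" if CRITICAL & set(diffs) else "notify"), diffs

# Constructed sample data: two reproducibly built releases and one machine.
V1 = {"boot/kernel": b"kernel-1.0", "usr/bin/app": b"app-1.0"}
V2 = {"boot/kernel": b"kernel-1.1", "usr/bin/app": b"app-1.0"}
REGISTER = []
append_release(REGISTER, measure(V1))
append_release(REGISTER, measure(V2))

if __name__ == "__main__":
    print(check_machine(REGISTER, V2))
    print(check_machine(REGISTER, dict(V2, **{"usr/bin/app": b"patched"})))
```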


© 2019 Muinín P.B.C.